CLAIMS 



1 . Method for protecting otne 
(Ks) cryptographic algorithm, charicterized 
performed depends, for each compi[iter 
stored in a secret area of the 



compu ter 



or more computer systems using the same secret key 

in that the way in which said calculation is 
system and for each secret key, on secret data (Ds) 
system or systems. 



2. Protection method according to claim 1, characterized in that, for each computer 



system and for each secret key (Ks i 



said cryptographic calculation is p\ iblic 



3. Protection method acccirdin 
two pieces of said secret data (Ds) 



ing to claim 1, characterized in that there are at least 
used by said computer systems. 



4. Protection method acc(Jrdin 
computer systems contains at least 



5. Protection method 
computer systems, there are at leasjt 
various secret keys used by this cohiput 



6. Protection method acc(brdin 
computer systems, each secret key (Ki 
a specific piece of said secret data 



7. Method according to c 



, the way in which said secret data (Ds) is used to perform 



g to claim 3, characterized in that each of the 
one specific piece of said-secret data (Ds). 



acc(j)rding t6 dlaim L characterized in that in each of the 

twoA^iecels said secret data (Ds), corresponding to the 
r sysnem. 



o claim 5, characterized in that in each of the 
s) used by said cryptographic calculation corresponds to 
(Ds). 



aim 1 for protecting one or more computer systems using 
a cryptographic calculation process using nonlinear transformations of km bits into kn bits 
described by k conversion tables in which n output bits of the transformation are read at an 
address that is a function of the kn| input bits, characterized in that for each of these nonlinear 
transformations, said k tables are plart of the secret data (Ds). 



8. Method according to cljaim 
a cryptographic calculation process 



1 for protecting one or more computer systems using 
using nonlinear transformations of km bits into kn bits 
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3 described by k conversion tables in which n output bits of the transformation are read at an 

4 address obtained by applying a secret bijective function (cp) to an m-bit value, itself obtained 

5 by applying a public function of the km input bits of the nonlinear transformation, 

6 characterized in that for each of these nonlinear transformations, said k tables are part of the 

7 secret data (Ds), 



1 - _ 9. Protection method according to claim 8, characterized in that for each of the 

2 nonlinear transformations, the secret bijective function ((p) is also part of the secret data (Ds). 

1 10. Method according to cjaim 1 for protecting one or more microcomputer cards, 

2 characterized in that the secret dat^ is stored in the E^PROM memory of said microcomputer 

3 card. 
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1 1 . Protection method according to claim 1 , characterized in that a conversion table 
calculation program is stored in each computer system and activated by a given event in order 
to calculate-the tables and store-a l or part of-these tables in the secret data. 



12. Protection method 
the exceeding of a given value 



according ip clajm 1 l^characterized in that the given event is 
bi^ a countfer. 



13. Utilization of the me 
calculation process supported by 



hod acc 

A 
the DES 



*ding to claim 1 to protect a cryptographic 
TripleMDES and RSA algorithms. 



14, Computer system co nprising means for storing a modified cryptographic 
algorithm that adheres to the computational phases of the standard cryptographic algorithm 
and uses a secret encryption key contained in a secret area of storage means, and means for 
executing this modified cryptographic algorithm, characterized in that the computer system 
comprises first secret means for -eplacing each intermediate variable required for the 
computational phases of the standard algorithm v^ith a plurality (k) of partial intermediate 
variables, second means for applying a nonlinear transformation table to each of these partial 
intermediate variables, and third secret means for reconstituting the final result corresponding 
to the utilization of the standard c ryptographic algorithm from results obtained on the partial 
variables. 
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15. Computer system according to claim 14, characterized in that secret data stored in 
the secret area includes at least one first random variable vi constituting at least one secret 
partial variable, and the modified algorithm determines at least one other partial variable, for 
example V2, by applying a first secret function to the intermediate variable v and the secret 
partial variable or variables vi. 

16. Computer system according to claim 15, characterized in that the modified 
algorithm includes means for applying Ithe nonlinear transformations to the partial variables 
vi and V2 by using tables, at least one of v^hich A, formed by random selection, is stored in 
the secret data Ds, the other tables reqpired for the calculations being stored in a nonvolatile 
memory, means for executing the vari dus computational rounds of the standard algorithm, 
each time using the tables on the partial variables, and means for calculating the result in the 
last round of the algorithm by combir ing the partial variables in accordance with a second 
secret function. 



17. Computer system acc(|)rding 
means of the modified algorithm are 
intermediate variables and each interhiedi^te 
value of this intermediate variable 
partial values v/ such that there exists 
equation /fv/, v/, vj = v. 



never 



18. Computer system ace 
means of the modified algorithm are 
the k partial conversion tables, k-1 



19. Computer system acc 3 




lim 14, characterized in that the first secret 
unction / linking the partial 
vamabie (v), such that the knowledge of one 
lossible to deduce all of the particular 
vy, v/.y, v/+y, ... vj that satisfics the 



)rding to claim 14, characterized in that the second 
constituted by k partial conversion tables, and among 
pirtial conversion tables contain secret random variables. 



rding to claim 18, characterized in that the second 



means of the modified algorithm coi iprise k conversion tables, each of these conversion 



tables receiving as input a value obt 
function f(vi,..., Vk) of the partial int 



ined by applying a secret bijective function cpi to said 
^rmediate variables in accordance with the relation (pj o 
f(vi, ...,Vk), j G [l,k], this application cpj o f(vi,..., Vk) being performed by direct evaluation 
of a resulting value, this resulting valjue, applied to the input of the conversion table, making 
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it possible to read n output bits of th|e transformation at an address that is a function of these 
m input bits. 

20. Computer system acc ording to claim 14, characterized in that the second 
means of the modified algorithm comprise means for replacing each nonlinear transformation 
applied to an intermediate variable of the standard cryptographic calculation process, without 
a separation, with a partial nonlinear transformation of km bits into A:n bits apphed to all of 
the partial intermediate variables, means for calculating (k-)n of said output bits of this 
transformation as a polynomial funct on of the km input bits, and means for reading the 
remaining n bits of said output bits by reading a conversion table in which the n remaining 
bits are read at an address that is a function of the km input bits. 



2 1 . Computer system 
means for sequentially executing th 
various parts resulting from the sep^ation 
several distinct calculation process parts. 



acc^ording to claim 14, characterized in that it includes 
:ion^ performed by the modified algorithm ir 
cryptographic calculation process into 



22. Computer system acco 
for executing, in interleaved fashion 
from the separation of the cryptogi 
process parts. 



ding tc 



claim\14, characterized in that it includes means 
, the oj)erations performed in the various parts resulting 
aphic calculation process into several distinct calculation 



23. Computer system acco] 
for simultaneously executing the 
separation of the cryptographic cal 
parts, in the event of multiprogranriming 




ding to claim 14, characterized in that it includes means 
oj^erations performed in the various parts resulting from the 
ulation process into several distinct calculation process 



24. Computer system according to claim 14, characterized in that it includes means 
for simultaneously executing, in different processors working in parallel, the operations 
performed in the various parts resulting from the separation of the cryptographic calculation 
process into several distinct calculation process parts. 
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25. Computer system according to claim 14, characterized in that it includes a 
conversion table calculation program stored in each computer system and means for the 
activation by a given event of the/calct^tion of the tables and for the storage of all or part of 
these tables in the secret data. 




26. Computer system according to claim 14, characterized in that a counter includes 
means for storing a value that-islincremented with each cryptographic calculation so as to 
constitute the given event for the activation, by activating means, of the calculation of the 
tables when a given value is exceeded. 
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